Understanding API security
API security is an important topic. This section will introduce some of the basic concepts and terminology used in API security. Later sections in this chapter will walk you through the various ways to authorize an API. However, before I show you how to use those, I want to talk a bit about what authorization even is. I have been using the term authorization, but the reality is, securing an API (or a website) involves two things. It involves authorization and authentication. These are important topics that underpin all security testing. Although they are often used interchangeably, understanding the distinction between them will help you to effectively test APIs with these options. In this section, we will explore what these two concepts are and how they relate to each other.
Authorization in APIs
Authorization is how we determine what things a given user is allowed to do. So, for example, if you imagine an online learning platform, you might have...